Articles

5 Basic Network Security Controls For Enterprises

In the current climate, organisations are tempted to focus their attention on wireless security, since Wi-Fi presents an attractive path for an attacker to gain a foothold in the network. With no physical boundary on a wireless network, an ever-increasing number of tools to automate attacks and a wealth of wireless exploits available, it is no wonder organisations take wireless security seriously. A classic example is an attacker sitting outside the physical boundary of the organisation with war-driving equipment, detecting the SSID and launching a range of attacks.

However, it is becoming increasingly evident that organisations need to be wary of network attacks both on and off the wire. With threats coming from inside and outside the network, controls need to be in place to prevent attacks against wired networks as well as wireless ones.

In this article we look at 5 basic network security controls to get organisations started. Organisations with significant identifiable threats should implement the controls in frameworks such as ISO27001; however, the five below can be used as a starting point to reduce the attack surface and enable organisations to identify, isolate and respond to network security attacks.

Network Security Control #1: Network auditing and mapping

This basic network security control is often overlooked by organisations that simply want a quick and cheap fix. The key to protecting any organisational network is first to understand the infrastructure: what exists on the network and which connections go in and out of it.

By auditing the network, the organisation gains an understanding of what kit physically exists on it, including location, model, vendor, software version and configuration. With these properties recorded, the organisation can identify known vulnerabilities affecting the versions in use, and which pieces of kit need replacing and when.

In addition to understanding vulnerabilities, effective auditing and mapping lets the organisation understand connectivity paths throughout the network. This is critical when working out potential attack paths and identifying where threats and risks exist. For example, if an organisation is not aware of a remote access connection from a remote worker going straight into the network, it may not have sufficient controls in place to prevent unauthorised access over it.

Audit and mapping applications can support this activity for organisations with a large infrastructure. As the configuration and size of the network change regularly, this exercise should be repeated on a regular basis, comparing each result against the approved inventory, so that the organisation maintains an accurate picture of the network and the components on it.
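The regular comparison described above, as an added example that is not part of the original article: a discovery scan in the shape of nmap's XML output is parsed and diffed against an approved inventory keyed by MAC address, reporting devices that are unknown, missing or re-addressed. The inventory, the scan fragment and the device names are all constructed for illustration.

```python
"""Added example: diff a fresh discovery scan against the approved asset list.

The scan result below is a constructed fragment in the shape of nmap's XML
output (as written by `nmap -sn -oX`); it is not output from any real network,
and the approved inventory is hypothetical.
"""
import xml.etree.ElementTree as ET

# Constructed approved inventory, keyed by MAC address (hypothetical devices).
APPROVED = {
    "00:11:22:33:44:01": {"ip": "10.0.1.1", "role": "core router"},
    "00:11:22:33:44:02": {"ip": "10.0.1.2", "role": "firewall"},
    "00:11:22:33:44:10": {"ip": "10.0.1.10", "role": "file server"},
}

# Constructed scan: two known devices answer, the file server does not,
# and an unknown device has appeared on 10.0.1.77.
SCAN_XML = """<nmaprun>
  <host><status state="up"/>
    <address addr="10.0.1.1" addrtype="ipv4"/>
    <address addr="00:11:22:33:44:01" addrtype="mac"/>
  </host>
  <host><status state="up"/>
    <address addr="10.0.1.2" addrtype="ipv4"/>
    <address addr="00:11:22:33:44:02" addrtype="mac"/>
  </host>
  <host><status state="down"/>
    <address addr="10.0.1.10" addrtype="ipv4"/>
  </host>
  <host><status state="up"/>
    <address addr="10.0.1.77" addrtype="ipv4"/>
    <address addr="AA:BB:CC:DD:EE:FF" addrtype="mac"/>
  </host>
</nmaprun>
"""


def parse_scan(xml_text):
    """Return {mac: ip} for every host the scan reports as up.

    Hosts without a MAC address are skipped: nmap only learns MACs when the
    scanner sits on the same layer 2 segment, so a scan run from another
    subnet cannot be matched against a MAC-keyed inventory.
    """
    hosts = {}
    for host in ET.fromstring(xml_text).findall("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue
        ip = mac = None
        for addr in host.findall("address"):
            if addr.get("addrtype") == "ipv4":
                ip = addr.get("addr")
            elif addr.get("addrtype") == "mac":
                mac = addr.get("addr").upper()
        if mac and ip:
            hosts[mac] = ip
    return hosts


def diff_inventory(approved, seen):
    """Split the scan into unknown, missing and re-addressed devices."""
    unknown = {mac: ip for mac, ip in seen.items() if mac not in approved}
    missing = {mac: info for mac, info in approved.items() if mac not in seen}
    moved = {
        mac: (info["ip"], seen[mac])
        for mac, info in approved.items()
        if mac in seen and seen[mac] != info["ip"]
    }
    return unknown, missing, moved


if __name__ == "__main__":
    unknown, missing, moved = diff_inventory(APPROVED, parse_scan(SCAN_XML))
    for mac, ip in unknown.items():
        print(f"UNKNOWN device {mac} at {ip}: investigate before it stays")
    for mac, info in missing.items():
        print(f"MISSING {info['role']} ({mac}, expected {info['ip']})")
    for mac, (old, new) in moved.items():
        print(f"MOVED {mac}: inventory says {old}, scan says {new}")
```

A "missing" device may simply be powered off, but it may also have been replaced by something that answers on the same IP; keying the inventory on MAC rather than IP is what makes that substitution visible. Remember that a ping sweep only finds hosts that answer, so the scan is a complement to, not a replacement for, the switch and DHCP records.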

Network Security Control #2: Secure configuration

The next logical step for enterprises to consider is secure configuration of network equipment. This includes basic steps such as removing default credentials and implementing strong authentication, locking down equipment, removing unnecessary services and management interfaces and, most importantly, making sure that all equipment is up to date.

It is crucial that all components on the network are securely configured and up to date. Vulnerabilities in security enforcing functions are a significant risk and should be eliminated. Network infrastructure should be included in the patch cycle; this includes routers, firewalls and monitoring devices.
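The checks listed above (default credentials, clear-text management services, unnecessary services) can be turned into something repeatable. The following is an added example, not from the original article: it runs a short list of forbidden and required patterns over a device configuration. Both configurations are constructed in the style of Cisco IOS running config, the device name and community string are hypothetical, and the rule list is an illustration rather than a complete hardening standard.

```python
"""Added example: check a device configuration against a short hardening list.

Both configurations below are constructed in the style of Cisco IOS running
config; the device and its settings are hypothetical. The rules illustrate
the checks in the text and are not a complete hardening standard.
"""
import re

# Patterns that must NOT appear anywhere in the configuration (regex, finding).
FORBIDDEN = [
    (r"^enable password ", "enable password stored reversibly; use 'enable secret'"),
    (r"^snmp-server community (public|private)\b", "default SNMP community string"),
    (r"^ip http server$", "clear-text HTTP management interface enabled"),
    (r"^\s*transport input .*\btelnet\b", "telnet permitted on a VTY line"),
    (r"^username \S+ password ", "local user with reversible password; use 'secret'"),
]

# Patterns that MUST appear somewhere in the configuration.
REQUIRED = [
    (r"^enable secret ", "no 'enable secret' configured"),
    (r"^\s*transport input ssh$", "no VTY line restricted to SSH only"),
]

# Constructed: a device still carrying vendor defaults and clear-text management.
WEAK_CONFIG = """\
hostname edge-rtr-1
enable password cisco
snmp-server community public RO
snmp-server community private RW
ip http server
line vty 0 4
 transport input telnet ssh
 login local
"""

# Constructed: the same device after the basic hardening steps in the text.
HARDENED_CONFIG = """\
hostname edge-rtr-1
enable secret 9 REDACTED-HASH
snmp-server community Lg7qZp2Xn4 RO 10
no ip http server
ip http secure-server
line vty 0 4
 transport input ssh
 login local
"""


def audit_config(config_text):
    """Return a list of (line_number, finding, offending_line).

    Missing required settings are reported with line number 0.
    """
    lines = config_text.splitlines()
    findings = []
    for pattern, finding in FORBIDDEN:
        for number, line in enumerate(lines, start=1):
            if re.search(pattern, line):
                findings.append((number, finding, line.strip()))
    for pattern, finding in REQUIRED:
        if not any(re.search(pattern, line) for line in lines):
            findings.append((0, finding, ""))
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        result = audit_config(cfg)
        print(f"== {name}: {len(result)} finding(s)")
        for number, finding, line in result:
            print(f"  line {number}: {finding}  [{line}]")
```

The point of the required list is that absence is a finding too: a configuration with no `enable secret` passes every "must not contain" rule while still being weak. Run the audit against every device's exported configuration on each patch cycle, and treat any new finding on a previously clean device as a change to investigate, not just a ticket to fix.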

Network Security Control #3: Physical security controls

As well as controls on the network, it is vital that physical security controls are implemented. This aspect of network security is often overlooked, but it is just as important for enterprises to implement physical security boundaries as it is to implement network security boundaries.

Logical threats are ever present, but if an attacker can gain physical access to compromise the network then they will. A classic example is an attacker with access to removable media. If the attacker can simply plug a USB stick containing malicious content into a network-connected device, they will take this path rather than having to identify and exploit a vulnerability at the network level.

Enterprises should implement physical security controls that are proportionate to their environment. For example, a bullet-proof door with 24-hour CCTV is not proportionate for a data centre that contains a single server processing publicly accessible information. However, it may be appropriate for a data centre that holds servers with millions of customer records or intellectual property. Organisations are encouraged to risk assess their environment and consider the full range of physical security controls available to protect their assets.

Network Security Control #4: Network segregation

This is an architectural control that is critical in ensuring that the network is separated into appropriate security zones. There are a number of reasons to segregate enterprise networks appropriately, one of which is to contain any attack and isolate it from the rest of the network. For example, an attacker who gains a foothold via a compromised device should not have access to everything in the network. This may be controlled via access control policies, but by segregating the network into zones the enterprise gains a further control to prevent unauthorised users from accessing and compromising data.

One way of achieving this is via Virtual Local Area Networks (VLANs). VLANs can be used to segregate the network by traffic or user type for both performance and security reasons. For example, employee A may be on VLAN A, which only allows access to a subset of services or data, while employees on VLAN B may not be able to reach the resources available to VLAN A. VLANs can be configured to group together Ethernet ports or even wireless access points.

By placing employees or particular classes of user in particular VLANs, organisations can organise their network appropriately, gain efficiency and reduce unauthorised access. This technology works best in a dynamic environment where users can be assigned to a particular VLAN independently of where they physically connect to the network.

VLANs are implemented at the data link layer (layer 2) on switches, not at the transport layer. IEEE 802.1Q defines the tag that carries a VLAN identifier in each Ethernet frame, so that a single link between switches can carry several VLANs, while traffic between VLANs must pass through a router or layer 3 switch, which is where the enterprise enforces access control between zones. Switches and routers that support IEEE 802.1Q should be considered by enterprises wishing to segregate their network appropriately, bearing in mind that a VLAN on its own provides little isolation if inter-VLAN routing is left unrestricted.
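To make the 802.1Q mechanism concrete, here is an added example (not code from the original article) that builds and parses tagged Ethernet frames and models how a switch with access and trunk ports classifies them. The port table, MAC addresses and VLAN numbers are constructed for illustration; the tag layout (TPID 0x8100 followed by a 16-bit TCI holding a 3-bit priority, a 1-bit DEI and a 12-bit VLAN ID) is the real one from the standard.

```python
"""Added example: build and classify IEEE 802.1Q tagged Ethernet frames.

This is a toy model of a switch with access and trunk ports; the port
table and the frames are constructed for illustration and are not taken
from any real device.
"""
import struct

ETHERTYPE_8021Q = 0x8100   # TPID that announces a VLAN tag follows
ETHERTYPE_IPV4 = 0x0800

# Constructed port table: access ports carry one untagged VLAN, the trunk
# carries tagged frames for an explicit allowed list.
PORTS = {
    "gi0/1": {"mode": "access", "vlan": 10},            # finance workstation
    "gi0/2": {"mode": "access", "vlan": 20},            # guest workstation
    "gi0/24": {"mode": "trunk", "allowed": {10, 20}},   # uplink to core
}


def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))


def build_frame(dst, src, payload, vlan_id=None, pcp=0):
    """Build an Ethernet II frame, inserting an 802.1Q tag when vlan_id is set.

    Tag layout: TPID 0x8100, then TCI = PCP(3 bits) | DEI(1 bit) | VID(12 bits).
    """
    header = mac_bytes(dst) + mac_bytes(src)
    if vlan_id is not None:
        if not 1 <= vlan_id <= 4094:
            raise ValueError("VID must be 1..4094 (0 and 4095 are reserved)")
        tci = (pcp & 0x7) << 13 | (vlan_id & 0x0FFF)
        header += struct.pack("!HH", ETHERTYPE_8021Q, tci)
    return header + struct.pack("!H", ETHERTYPE_IPV4) + payload


def parse_frame(frame):
    """Return the VLAN ID (None if untagged), PCP, inner EtherType and payload."""
    ethertype, = struct.unpack("!H", frame[12:14])
    if ethertype == ETHERTYPE_8021Q:
        tci, inner = struct.unpack("!HH", frame[14:18])
        return {"vlan": tci & 0x0FFF, "pcp": tci >> 13,
                "ethertype": inner, "payload": frame[18:]}
    return {"vlan": None, "pcp": 0, "ethertype": ethertype, "payload": frame[14:]}


def ingress_vlan(port, frame):
    """Classify a frame arriving on `port`; None means the switch drops it."""
    info = parse_frame(frame)
    cfg = PORTS[port]
    if cfg["mode"] == "access":
        # An access port accepts untagged frames only and places them in its
        # VLAN; a tagged frame arriving here is discarded.
        return cfg["vlan"] if info["vlan"] is None else None
    # Trunk: only tagged frames for an allowed VLAN are accepted. Real switches
    # put untagged frames on the trunk's native VLAN; this model drops them.
    return info["vlan"] if info["vlan"] in cfg["allowed"] else None


def egress_ports(ingress_port, vlan):
    """Ports a frame in `vlan` may be flooded to, excluding the port it came in on."""
    out = []
    for port, cfg in PORTS.items():
        if port == ingress_port:
            continue
        if cfg["mode"] == "access" and cfg["vlan"] == vlan:
            out.append(port)
        elif cfg["mode"] == "trunk" and vlan in cfg["allowed"]:
            out.append(port)
    return sorted(out)


if __name__ == "__main__":
    guest = build_frame("ff:ff:ff:ff:ff:ff", "00:11:22:33:44:55", b"\x45", vlan_id=20)
    print("VLAN 20 frame on trunk ->", egress_ports("gi0/24", ingress_vlan("gi0/24", guest)))
    print("same frame on finance access port ->", ingress_vlan("gi0/1", guest))
```

The model shows the two properties that make VLANs useful as a segregation control: a frame tagged for VLAN 20 never reaches the VLAN 10 access port, and a tagged frame arriving on an access port is dropped rather than honoured. Two things the toy omits matter in practice: prune the trunk's allowed list to the VLANs it genuinely needs, and give the native VLAN a dedicated, otherwise unused number so that untagged frames on a trunk cannot land in a production zone.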

Network Security Control #5: Network monitoring

Last but not least is network monitoring. This is a fundamental part of any network in the current climate and often the first line of defence in identifying, isolating and responding to network security attacks. Organisations need to be aware of their environment, know what normal looks like and have ways of detecting deviations from it in order to keep their network secure.

Monitoring of enterprise environments can be achieved in multiple ways and there is no single magic box that will do it for an organisation. To make monitoring effective, enterprises need an understanding of their network, the type of traffic they expect to see and a method of identifying anything that falls outside that expectation. This can be achieved by establishing a baseline of expected behaviour and alerting on any events that fall outside it.
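The baseline-and-deviate approach described above, as an added example that is not part of the original article: a few days of per-host flow records (constructed, hypothetical hosts and addresses, standing in for what a flow collector or central log repository would hold) are used to learn each host's normal daily volume and set of destinations, and the current day's records are then checked against that baseline.

```python
"""Added example: baseline normal per-host traffic and alert on deviations.

The flow records are constructed (hypothetical hosts and addresses) and
stand in for what a flow collector or central log repository would hold.
Each record is (day, source_host, destination_ip, destination_port, mb_out).
"""
from collections import defaultdict
from statistics import mean, pstdev

# Five days of ordinary traffic used to learn what "normal" looks like.
BASELINE_FLOWS = [
    (1, "ws-01", "10.0.2.5", 443, 10), (2, "ws-01", "10.0.2.5", 443, 11),
    (3, "ws-01", "10.0.2.5", 443, 9),  (4, "ws-01", "10.0.2.5", 443, 10),
    (5, "ws-01", "10.0.2.5", 443, 12),
    (1, "ws-02", "10.0.2.5", 443, 3),  (1, "ws-02", "10.0.2.6", 445, 2),
    (2, "ws-02", "10.0.2.5", 443, 3),  (2, "ws-02", "10.0.2.6", 445, 2),
    (3, "ws-02", "10.0.2.5", 443, 4),  (3, "ws-02", "10.0.2.6", 445, 2),
    (4, "ws-02", "10.0.2.5", 443, 2),  (4, "ws-02", "10.0.2.6", 445, 2),
    (5, "ws-02", "10.0.2.5", 443, 3),  (5, "ws-02", "10.0.2.6", 445, 2),
]

# Day 6: ws-01 pushes 200 MB to an outside host over SSH, ws-02 behaves
# normally, and a host that was never baselined appears.
CURRENT_FLOWS = [
    (6, "ws-01", "10.0.2.5", 443, 10), (6, "ws-01", "203.0.113.9", 22, 200),
    (6, "ws-02", "10.0.2.5", 443, 3),  (6, "ws-02", "10.0.2.6", 445, 2),
    (6, "ws-03", "10.0.2.5", 443, 1),
]


def daily_totals(flows):
    """{host: {day: total_mb}}"""
    totals = defaultdict(lambda: defaultdict(int))
    for day, host, _ip, _port, mb in flows:
        totals[host][day] += mb
    return totals


def build_baseline(flows, min_spread=0.1):
    """Per host: a volume threshold (mean + 3 sigma) and the destinations seen.

    Sigma is floored at min_spread * mean so that a host with very regular
    traffic does not alert on trivial day-to-day fluctuation.
    """
    destinations = defaultdict(set)
    for _day, host, ip, port, _mb in flows:
        destinations[host].add((ip, port))
    baseline = {}
    for host, per_day in daily_totals(flows).items():
        values = list(per_day.values())
        avg = mean(values)
        sigma = max(pstdev(values), min_spread * avg)
        baseline[host] = {"threshold": avg + 3 * sigma,
                          "destinations": destinations[host]}
    return baseline


def detect(baseline, flows):
    """Return (host, reason, detail) alerts for flows that break the baseline."""
    alerts = []
    for host, per_day in daily_totals(flows).items():
        if host not in baseline:
            alerts.append((host, "unknown_host", "no baseline for this host"))
            continue
        limit = baseline[host]["threshold"]
        for day, total in per_day.items():
            if total > limit:
                alerts.append((host, "volume", f"day {day}: {total} MB > {limit:.1f} MB"))
    for _day, host, ip, port, _mb in flows:
        if host in baseline and (ip, port) not in baseline[host]["destinations"]:
            alerts.append((host, "new_destination", f"{ip}:{port}"))
    return alerts


if __name__ == "__main__":
    for host, reason, detail in detect(build_baseline(BASELINE_FLOWS), CURRENT_FLOWS):
        print(f"ALERT {host}: {reason} ({detail})")
```

Two of the three alerts come from the same event, which is the value of combining a volume rule with a "never seen before" rule: a slow exfiltration that stays under the volume threshold is still caught by the new destination, and a large transfer to a familiar server is still caught by volume. The unknown-host alert ties monitoring back to the inventory control: a host with no baseline is a host the audit did not know about.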

In the current environment, many organisations choose to outsource this activity in order to focus on their own network controls. Some organisations may require a 24×7 service to identify and respond to attacks at all hours; this should be determined by the threat to the environment and the sensitivity of the data on the network.

As a minimum, organisations should expect to implement some form of intrusion detection, alongside standard firewalls and network security controls. All monitoring devices should report to a central repository where the logs can be analysed together to identify anomalous behaviour.